Tuesday, August 08, 2006

Are You “Giving Away” Your Personal Information?

Sooner or later you have to dispose of that old computer. Maybe you will throw it away (shame on you!), or you will do the right thing and recycle it (much better), or you are giving it away to a non-profit organization (bless your soul). Just a sidebar plug here – but if that old computer is still serviceable and in working order, why NOT give it to a non-profit agency or a needy family? Many agencies will gladly take that old computer, go through it to make sure it is good to go, and give it to someone who needs it. Think of the disadvantaged kid who gets your old computer, gets more out of their education, and then one day becomes a doctor who saves your life.

I have digressed. Anyway – when you give that computer away, what is still on the hard drive? Tax records, some private letters, account numbers and passwords? Oh – but you deleted all of your files, all of the stuff in “My Documents” and it is all set to give away. Well alrighty then – no worries. Here’s the bad news. When you deleted all those files, you only deleted the reference to them in the part of the hard drive that indexes them for retrieval by your system. The data is still there, and anyone with the right tools can retrieve it. In other words, it’s like ripping out the table of contents in a book you plan to give away. You have torn out the pages that tell you where to easily find what you are looking for. But if you keep turning the pages in the book, you will see that all of the words are still there, and you can read the pages just as if nothing else were missing from that book.

It is absolutely necessary that you completely delete anything on your computer that might disclose personal data, such as social security numbers, birth dates, tax records, or even personal letters. Either that or remove the hard drive and destroy it. But you want to give away a complete computer, don’t you? So the lucky recipient will be able to put together a complete system for someone to use, and spend less money doing it.

Well – here’s the good news. Many of the tools you need to obliterate all of your personal data are free or very inexpensive. Many of them will even erase a hard drive to strict Department of Defense (DoD) standards for disk erasure. I can’t emphasize enough: you MUST obliterate everything on that hard drive before you get rid of it. Anything and everything can be used against you by a crafty hacker. There are things buried deep in your operating system that contain information that you may not be aware of.

If that hard drive has failed, be sure to remove it before you give the computer away. Even if the electronics have failed, the drive can still be opened up and all of the contents retrieved. Remove it and destroy it. Take the drive apart and completely destroy the platters. You can use strong magnets or better yet a device called a “degausser” to erase the data if necessary. Whatever you do, be sure you are not giving away your personal data just because you thought you erased everything on that hard drive.
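
The table-of-contents problem described above can be reproduced on a small scale. The following Python sketch is an added example, not part of the original post: it builds a constructed toy disk image (one index sector and one data sector; the layout, file name and sample string are made up for illustration), "deletes" the file by clearing only the index, and lists which sectors still hold data before and after a full zero-fill pass. It assumes the wipe ends by writing zeros; a tool whose last pass writes random data needs a different check.

```python
import os
import tempfile

SECTOR = 512  # bytes per sector in this toy layout (assumption)

def build_image(path, secret):
    """Constructed toy disk: sector 0 is the index, sector 1 holds the file data."""
    index = b"taxes.txt@1".ljust(SECTOR, b"\0")
    data = secret.ljust(SECTOR, b"\0")
    with open(path, "wb") as f:
        f.write(index + data + b"\0" * SECTOR * 6)

def delete_file(path):
    """What 'delete' does in the article's description: clear only the index entry."""
    with open(path, "r+b") as f:
        f.write(b"\0" * SECTOR)

def zero_fill(path):
    """Single overwrite pass: write zeros over every sector of the image."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for _ in range(size // SECTOR):
            f.write(b"\0" * SECTOR)

def residual_sectors(path):
    """Return the numbers of all sectors that still contain non-zero bytes."""
    found = []
    with open(path, "rb") as f:
        n = 0
        while chunk := f.read(SECTOR):
            if chunk.strip(b"\0"):  # empty only when the sector is all zeros
                found.append(n)
            n += 1
    return found

def demo():
    """Run delete, then zero-fill, on a temp image; return leftovers after each."""
    secret = b"SSN 000-00-0000 (constructed sample)"
    fd, path = tempfile.mkstemp(suffix=".img")
    os.close(fd)
    try:
        build_image(path, secret)
        delete_file(path)
        after_delete = residual_sectors(path)  # data sector is still populated
        zero_fill(path)
        after_wipe = residual_sectors(path)    # nothing left to read
    finally:
        os.remove(path)
    return after_delete, after_wipe
```

`residual_sectors` only reads, so after a zero-fill wipe it can also be pointed at a real drive's device path from a boot CD, given sufficient privileges.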


Additional Resources:

http://www.pcworld.com/downloads/file/fid,22920;order,1;page,1;c,All%20Downloads/description.html (PC World Article)
Church Crosstalk Killdisk
Darik’s Boot & Nuke

3 comments:

Anonymous said...

I completely agree with you about erasing your hard drive. I was giving my hard drive to my brother and I used one of the free hard drive eraser programs. Well, lo and behold, he called me a few weeks after I had given him the computer and told me he had all of the information I thought had been erased. That's when I learned you really shouldn't trust a program like this unless it meets Department of Defense standards. After searching around, the best one I could find is by a company called StompSoft. The program is called DriveWasher and it meets the U.S. Department of Defense 5220.22-M standard for disk-sanitization. It's easy to use and it does the job right. That's what matters most. Hope I've been of some help to someone out there so they don't have to go through what I went through.

The Gonz said...

Thanks for the reminder. And just to follow up: the Active@ Hard Drive Eraser product conforms to US Department of Defense's standards (5220.22-M) for clearing and sanitizing standard sensitive information.

The DBAN product, although not stating that it conforms with 5220.22-M, is trustworthy. The Sourceforge tools are fairly well respected.

As a reminder, any time you try a free tool, be sure you know what you are getting. After using any tool, free or not, double-check that your drive is clean. You can either boot to a floppy disk with a utility that can see NTFS or whatever file system you are using, or you can boot to a Knoppix Linux CD, which can mount NTFS and FAT volumes. Inspect your disk before giving it away.

The Gonz said...

Correction to above: The DBAN tool conforms to DoD 5220.2-M